|
Your donations keep RPGWatch running!
RPGWatch Forums » General Forums » Tech Help » This week in computer security

Default This week in computer security

November 11th, 2010, 06:48
There's a new Flash Player out. The last one got some nasty security faults so upgrading is highly recommended.

Link: Adobe Flash Player 10.1.102.64
hishadow is offline

hishadow

Level N+1

#1

Join Date: Mar 2008
Location: Southern parts of Norway
Posts: 1,142

Default 

November 11th, 2010, 13:07
Thanks for the info.
Gorath is offline

Gorath

Gorath's Avatar
Prime Evil
RPGWatch Team

#2

Join Date: Aug 2006
Posts: 6,915

Default 

November 17th, 2010, 01:54
How many times i hear the news of the Flash Player has serious security issue?. I think someone should get fired for that.
Remus is offline

Remus

Remus's Avatar
Antihero

#3

Join Date: Oct 2006
Location: Malaysia
Posts: 1,020

Default 

November 17th, 2010, 02:19
I agree with Apple and find Flash a PITA. It's always breaking and needing updates. Maybe someone can explain why it's so unstable….
Thrasher is offline

Thrasher

Thrasher's Avatar
Wheeee!
RPGWatch Donor

#4

Join Date: Aug 2008
Location: Studio City, CA
Posts: 10,436

Default 

November 17th, 2010, 03:05
Originally Posted by Remus View Post
How many times i hear the news of the Flash Player has serious security issue?
That's why it's "This week in computer security". Stay tuned for more.

Originally Posted by Thrasher View Post
I agree with Apple and find Flash a PITA. It's always breaking and needing updates. Maybe someone can explain why it's so unstable…
Because Flash is written in a system programming language where it's possible for software developers to make lots of mistakes. It's virtually impossible to guarantee the absence of these kinds of security errors. The same problems apply to Apple too.
Last edited by hishadow; November 17th, 2010 at 03:18.
hishadow is offline

hishadow

Level N+1

#5

Join Date: Mar 2008
Location: Southern parts of Norway
Posts: 1,142

Default 

November 17th, 2010, 04:00
What language are you referring to?
Thrasher is offline

Thrasher

Thrasher's Avatar
Wheeee!
RPGWatch Donor

#6

Join Date: Aug 2008
Location: Studio City, CA
Posts: 10,436

Default 

November 17th, 2010, 04:23
It's most of the times a combination of C, C++, and assembler (machine language) code. The problem with these languages is that instructions and the information they handle are equal as far as your actual machine is concerned. It's just a series of 0's and 1's. If one set of instructions handle some information incorrectly, the information can become instructions and hijack the process.
hishadow is offline

hishadow

Level N+1

#7

Join Date: Mar 2008
Location: Southern parts of Norway
Posts: 1,142

Default 

November 17th, 2010, 05:29
Most programs are written in those languages. There's no excuse that Flash should be more buggy than others written in the same languages.
Thrasher is offline

Thrasher

Thrasher's Avatar
Wheeee!
RPGWatch Donor

#8

Join Date: Aug 2008
Location: Studio City, CA
Posts: 10,436

Default 

November 17th, 2010, 14:22
Here's a 2010 listing that ranks by number of severe vulnerabilites in common software (link):
1. Google Chrome (76)
2. Apple Safari (60)
3. Microsoft Office (57)
4. Adobe Reader og Acrobat (54)
5. Mozilla Firefox (51)
6. Sun Java Development Kit (36)
7. Adobe Shockwave Player (35)
8. Microsoft Internet Explorer (32)
9. RealNetworks RealPlayer (14)
10. Apple WebKit (9)
11. Adobe Flash Player (8)
12. Apple QuickTime (6) og Opera (6)
Last edited by hishadow; November 18th, 2010 at 06:22.
hishadow is offline

hishadow

Level N+1

#9

Join Date: Mar 2008
Location: Southern parts of Norway
Posts: 1,142

Default 

November 17th, 2010, 19:57
Yet, there's updates to flash nearly every month, and sometimes more often. AND it crashes and causes slowdown regularly… Clearly the Flash problems are not just about server vulnerabilities.
Thrasher is offline

Thrasher

Thrasher's Avatar
Wheeee!
RPGWatch Donor

#10

Join Date: Aug 2008
Location: Studio City, CA
Posts: 10,436

Default 

November 17th, 2010, 21:09
I think he meant "severe vulnerabilities".

pibbur

Guest

#11

Posts: n/a

Default 

November 17th, 2010, 21:25
Yes, I interpreted that as security vulnerabilities. I was writing about crashes and slowdowns (i.e. reliability, and performance) rather than security issues.
Thrasher is offline

Thrasher

Thrasher's Avatar
Wheeee!
RPGWatch Donor

#12

Join Date: Aug 2008
Location: Studio City, CA
Posts: 10,436

Default 

November 17th, 2010, 22:30
Originally Posted by Thrasher View Post
Yes, I interpreted that as security vulnerabilities. I was writing about crashes and slowdowns (i.e. reliability, and performance) rather than security issues.
OK. Since you wrote "server vulnerabilities" I though you misunderstood what he meant by "sever vulnerabilities" (assuming that he really meant to write "severe…").

Not important.

pibbur

Guest

#13

Posts: n/a

Default 

November 17th, 2010, 23:43
LOL! Yes , I think I compounded one typo with another… aiiiii….
Thrasher is offline

Thrasher

Thrasher's Avatar
Wheeee!
RPGWatch Donor

#14

Join Date: Aug 2008
Location: Studio City, CA
Posts: 10,436

Default 

November 18th, 2010, 06:30
That was a typo by me.

In defence of Flash, it's installed and running on pratically every computer in the world connected to the internet. It's interacting with video, graphics and sound. In addition it must validate and run "untrusted" virtual machine instructions from any website delivering Flash content to your webbrowser. It's pretty broad in scope so I don't imagine the engineers at Adobe has an easy job.
hishadow is offline

hishadow

Level N+1

#15

Join Date: Mar 2008
Location: Southern parts of Norway
Posts: 1,142

Default 

February 9th, 2011, 12:59
Another round of security updates:

Adobe Flash 10.2.152.26
- Fixes several critical security flaws

All Windows versions have also received critical security updates this week. Make sure to update both Flash and Windows if you don't have automatic updates enabled.
hishadow is offline

hishadow

Level N+1

#16

Join Date: Mar 2008
Location: Southern parts of Norway
Posts: 1,142

Default 

February 9th, 2011, 13:44
"Klicksafe" - and "Safe Internet Day", which was yesterday : https://www.klicksafe.de/ueber-klick…klicksafe.html

And a little bit more : http://ec.europa.eu/information_soci…p/index_en.htm

Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction. (E.F.Schumacher, Economist, Source)
Alrik Fassbauer is offline

Alrik Fassbauer

Alrik Fassbauer's Avatar
TL;DR

#17

Join Date: Nov 2006
Location: Old Europe
Posts: 16,057

Default 

February 9th, 2011, 14:37
Originally Posted by pibbur View Post
"sever vulnerabilities" (assuming that he really meant to write "severe").
I thought sewers are vulnerable to rats…
zadokAllen is offline

zadokAllen

Sentinel

#18

Join Date: Dec 2010
Location: Innsmouth
Posts: 484

Default 

February 10th, 2011, 03:28
Thanks for the update hishadow! It is a PITA to track flash updates, and this helps!
Thrasher is offline

Thrasher

Thrasher's Avatar
Wheeee!
RPGWatch Donor

#19

Join Date: Aug 2008
Location: Studio City, CA
Posts: 10,436

Default 

February 10th, 2011, 16:07
Thanks. I'm pretty certain there will be a couple more this year.
hishadow is offline

hishadow

Level N+1

#20

Join Date: Mar 2008
Location: Southern parts of Norway
Posts: 1,142
RPGWatch Forums » General Forums » Tech Help » This week in computer security
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 23:57.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Copyright by RPGWatch